2195c9b0ec8033ff4701bcd66e2e1714c2296ffc
1 <?php
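/**
 * Tell whether an objectClass definition advertises a given schema version.
 *
 * The DESC field is cut out of the raw definition and searched for the
 * literal marker "(v<version>)". If no DESC field is found, the whole
 * definition is searched instead.
 *
 * @param string $description Raw objectClass definition string.
 * @param string $version     Version to look for, e.g. "2.4".
 * @return int|false 1 when the marker is present, 0 when it is not,
 *                   FALSE if the pattern could not be evaluated.
 */
function check_schema_version($description, $version)
{
    $desc = preg_replace("/^.* DESC\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $description);

    /* The version is data, not a pattern: without quoting, the dot in "2.4"
       matches any character, so "(v2x4)" or "(v204)" would be accepted. */
    return preg_match("/\(v" . preg_quote($version, "/") . "\)/", $desc);
}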
/**
 * Render the schema overview as an HTML table, one row per feature.
 *
 * A row gets the "true" icon when its text contains the word "enabled",
 * otherwise the "cancel" icon.
 *
 * The entries are emitted verbatim because they carry markup of their own
 * (an extra <td> cell, <b> tags). Callers must therefore only pass strings
 * they built themselves; nothing here escapes HTML.
 *
 * @param array $table Feature key => preformatted HTML fragment.
 * @return string The complete table markup.
 */
function view_schema_check($table)
{
    $icon_ok  = "</td><td style='text-align:center' ><img src=images/true.png alt='true' /></td></tr>";
    $icon_bad = "</td><td style='text-align:center' ><img src=images/button_cancel.png alt='false' /></td></tr>";

    $rows = array();
    foreach ($table as $fragment) {
        $is_enabled = (strpos($fragment, "enabled") !== FALSE);
        $rows[] = "<tr><td class=\"check\">" . $fragment . ($is_enabled ? $icon_ok : $icon_bad);
    }

    return "<table class=\"check\">" . implode("", $rows) . "</table>";
}
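/**
 * Compare the object classes published by an LDAP server with the ones
 * GOsa needs.
 *
 * The function binds with the given credentials, reads the subschema entry
 * named by the root DSE and collects every objectClass definition by name.
 * It then checks presence and version of the classes listed in
 * $required_classes and probes a few optional features.
 *
 * Side effect: when the configured mail method is "kolab" but the Kolab
 * schema is missing, the mail method stored in the session is switched to
 * "cyrus".
 *
 * NOTE(review): the credentials are sent with a simple bind and no
 * StartTLS call is made here, so with an ldap:// URI they would travel
 * unencrypted - confirm how $server is chosen. The bind result is not
 * evaluated either: after a failed bind the schema is still read, on
 * whatever access the server grants to the unauthenticated connection.
 *
 * @param string $server   LDAP URI or host name.
 * @param string $admin    Bind DN.
 * @param string $password Bind password.
 * @param int    $aff      0: return the problem messages, anything else:
 *                         return the feature overview rows as HTML fragments.
 * @return array Messages keyed by class/feature name, or overview rows.
 */
function schema_check($server, $admin, $password, $aff=0)
{
    $messages = array();

    /* Overview rows. Both are initialised up front: the original left
       $affich2 undefined when no optional class passed, which made the
       final array_merge() fail. */
    $affich  = array();
    $affich2 = array();

    $required_classes = array(
        "gosaObject"            => array("version" => "2.4"),
        "gosaAccount"           => array("version" => "2.4"),
        "gosaLockEntry"         => array("version" => "2.4"),
        "gosaCacheEntry"        => array("version" => "2.4"),
        "gosaDepartment"        => array("version" => "2.4"),

        "goFaxAccount"          => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
        "goFaxSBlock"           => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),
        "goFaxRBlock"           => array("version" => "1.0.4", "class" => "gofaxAccount","file" => "gofax.schema"),

        "gosaUserTemplate"      => array("version" => "2.4", "class" => "posixAccount","file" => "nis.schema"),
        "gosaMailAccount"       => array("version" => "2.4", "class" => "mailAccount","file" => "gosa+samba3.schema"),
        "gosaProxyAccount"      => array("version" => "2.4", "class" => "proxyAccount","file" => "gosa+samba3.schema"),
        "gosaApplication"       => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"),
        "gosaApplicationGroup"  => array("version" => "2.4", "class" => "appgroup","file" => "gosa.schema"),

        "GOhard"                => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "gotoTerminal"          => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goServer"              => array("version" => "2.4","class" => "server","file" => "goserver.schema"),
        "goTerminalServer"      => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goNfsServer"           => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goNtpServer"           => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goSyslogServer"        => array("version" => "2.4", "class" => "terminals","file" => "goto.schema"),
        "goLdapServer"          => array("version" => "2.4"),
        "goCupsServer"          => array("version" => "2.4", "class" => array("posixAccount", "terminals"),),
        "goImapServer"          => array("version" => "2.4", "class" => array("mailAccount", "mailgroup"),"file" => "gosa+samba3.schema"),
        "goKrbServer"           => array("version" => "2.4"),
        "goFaxServer"           => array("version" => "2.4", "class" => "gofaxAccount","file" => "gofax.schema"),
    );

    /* Build LDAP connection */
    $ds = ldap_connect($server);
    if (!$ds) {
        return (array(_("Can't bind to LDAP. No schema check possible!")));
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    /* Result intentionally not evaluated, see the NOTE(review) above */
    ldap_bind($ds, $admin, $password);

    /* Ask the root DSE where the schema lives. A failed read yields FALSE,
       which must not be handed on to ldap_get_entries(). */
    $sr   = @ldap_read($ds, "", "objectClass=*", array("subschemaSubentry"));
    $attr = $sr ? @ldap_get_entries($ds, $sr) : FALSE;
    if (!isset($attr[0]['subschemasubentry'][0])) {
        ldap_unbind($ds);
        return (array(_("Can't get schema information from server. No schema check possible!")));
    }

    /* Get list of objectclasses */
    $nb    = $attr[0]['subschemasubentry'][0];
    $sr    = ldap_read($ds, $nb, "objectClass=*", array("objectclasses"));
    $attrs = $sr ? ldap_get_entries($ds, $sr) : FALSE;

    /* Nothing below talks to the server any more */
    ldap_unbind($ds);

    if (!isset($attrs[0]['objectclasses'])) {
        return (array(_("Can't get schema information from server. No schema check possible!")));
    }

    $objectclasses = array();
    foreach ($attrs[0]['objectclasses'] as $val) {
        /* Skips the numeric "count" element of the result array */
        if (!is_string($val)) {
            continue;
        }
        $name = preg_replace("/^.* NAME\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $val);
        if ($name != $val) {
            $objectclasses[$name] = $val;
        }
    }

    /* Walk through objectclasses and check if they are needed or not */
    foreach ($required_classes as $key => $value) {
        if (isset($value['class'])) {
            $classes = is_array($value['class']) ? $value['class'] : array($value['class']);

            /* Not every entry names a schema file (goCupsServer does not) */
            $file = isset($value['file']) ? $value['file'] : "";

            /* Check if we are using the class that requires */
            foreach ($classes as $class) {
                if (!isset($objectclasses[$key])) {
                    $messages[$key] = sprintf(_("Optional objectclass '%s' required by plugin '%s' is not present in LDAP setup"), $key, $class);
                } elseif (!check_schema_version($objectclasses[$key], $value['version'])) {
                    $messages[$key] = sprintf(_("Optional objectclass '%s' required by plugin '%s' does not have version %s"), $key, $class, $value['version']);
                } elseif (!isset($affich2[$class])) {
                    $affich2[$class] = "Support for <b>$class</b> enabled <td class=\"check\"> " . $file . "</td>";
                }
            }
        } else {
            /* Required class */
            if (!isset($objectclasses[$key])) {
                $messages[$key] = sprintf(_("Required objectclass '%s' is not present in LDAP setup"), $key);
            } elseif (!check_schema_version($objectclasses[$key], $value['version'])) {
                $messages[$key] = sprintf(_("Required objectclass '%s' does not have version %s"), $key, $value['version']);
            }
        }
    }

    /* Check for correct samba parameters */
    if (!isset($objectclasses['sambaSamAccount'])) {
        $messages['samba3'] = _("SAMBA 3 support disabled, no schema seems to be installed");
        $affich['samba3']   = $messages['samba3'] . "<td class=\"check\">gosa+samba3.schema</td>";
    } else {
        $affich['samba3']   = _("SAMBA 3 support enabled") . "<td class=\"check\">gosa+samba3.schema</td>";
    }

    if (!isset($objectclasses['sambaAccount'])) {
        $messages['samba2'] = _("SAMBA 2 support disabled, no schema seems to be installed");
        $affich['samba2']   = $messages['samba2'] . "<td class=\"check\">samba.schema</td>";
    } else {
        $affich['samba2']   = _("SAMBA 2 support enabled") . "<td class=\"check\">samba.schema</td>";
    }

    /* Check pureftp/dns/ */
    if (!isset($objectclasses['PureFTPdUser'])) {
        $messages['pureftp'] = _("Support for pureftp disabled, no schema seems to be installed");
        $affich['pureftp']   = $messages['pureftp'] . "<td class=\"check\">pureftpd.schema</td>";
    } else {
        $affich['pureftp']   = _("Support for pureftp enabled") . "<td class=\"check\">pureftpd.schema</td>";
    }

    if (!isset($objectclasses['gosaWebdavAccount'])) {
        $messages['webdav'] = _("Support for WebDAV disabled, no schema seems to be installed");
        $affich['webdav']   = $messages['webdav'] . "<td class=\"check\"></td>";
    } else {
        $affich['webdav']   = _("Support for WebDAV enabled") . "<td class=\"check\">gosa+samba3.schema</td>";
    }

    if (!isset($objectclasses['phpgwAccount'])) {
        $messages['phpgroupware'] = _("Support for phpgroupware disabled, no schema seems to be installed");
        $affich['phpgroupware']   = $messages['phpgroupware'] . "<td class=\"check\">phpgwaccount.schema</td>";
    } else {
        $affich['phpgroupware']   = _("Support for phpgroupware enabled") . "<td class=\"check\">phpgwaccount.schema</td>";
    }

    if (!isset($objectclasses['goFonAccount'])) {
        $messages['phoneaccount'] = _("Support for gofon disabled, no schema seems to be installed");
        $affich['phoneaccount']   = $messages['phoneaccount'] . "<td class=\"check\">gofon.schema</td>";
    } else {
        $affich['phoneaccount']   = _("Support for gofon enabled") . "<td class=\"check\">gofon.schema</td>";
    }

    /* Kolab is only looked at when it is the selected mail method */
    $mail_method = "";
    if (isset($_SESSION['ldapconf']['mail'], $_SESSION['ldapconf']['mail_methods'][$_SESSION['ldapconf']['mail']])) {
        $mail_method = $_SESSION['ldapconf']['mail_methods'][$_SESSION['ldapconf']['mail']];
    }

    if ($mail_method == "kolab") {
        if (!isset($objectclasses['kolabInetOrgPerson'])) {
            $messages['kolab'] = _("Support for Kolab disabled, no schema seems to be installed, setting mail-method to cyrus");

            /* Fall back to cyrus, provided that method is on offer */
            $tmp = array_flip($_SESSION['ldapconf']['mail_methods']);
            if (isset($tmp['cyrus'])) {
                $_SESSION['ldapconf']['mail'] = $tmp['cyrus'];
            }
            $affich['kolab'] = $messages['kolab'] . "<td class=\"check\">kolab2.schema</td>";
        } else {
            /* NOTE(review): the schema file shown here is gofon.schema while
               the disabled branch names kolab2.schema - looks like a
               copy/paste slip, confirm before changing the output. */
            $affich['kolab'] = _("Support for Kolab enabled") . "<td class=\"check\">gofon.schema</td>";
        }
    }

    if ($aff == 0) {
        return ($messages);
    }
    return (array_merge($affich, $affich2));
}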
/**
 * Format the outcome of one setup test as an HTML table and keep count of
 * the failures.
 *
 * $message and $description are placed in the markup as they are, so they
 * have to be trusted, already HTML-safe text.
 *
 * @param int    $faults      Failure counter, incremented by reference when a
 *                            required test fails.
 * @param string $message     Headline of the test.
 * @param string $description Explanation shown below the headline.
 * @param mixed  $test        Truthy when the test passed.
 * @param mixed  $required    Falsy for optional tests: a failure is then shown
 *                            as "Ignored" and not counted.
 * @return string HTML fragment for this test.
 */
function check(&$faults, $message, $description, $test, $required= TRUE)
{
    if ($test) {
        $verdict = _("OK")."<br>";
    } elseif ($required) {
        $verdict = "<font color=red>"._("Failed")."</font><br>";
        $faults++;
    } else {
        $verdict = "<font color=red>"._("Ignored")."</font><br>";
    }

    $head = "<table class='check'><tr><td class='check' style='font-size:14px;'>$message</td><td rowspan=2 style='vertical-align:middle; text-align:center;width:45px;'>";
    $tail = "</td></tr><tr><td class='check' style='padding-left:20px;background-color:#F0F0F0;'>$description</td></tr></table><br>";

    return $head . $verdict . $tail;
}
/**
 * Inspect the PHP installation (version, register_globals, extensions) and
 * return the formatted report.
 *
 * Optional items are reported as "Ignored" instead of "Failed" and do not
 * raise the fault counter.
 *
 * @param int $faults Set to 0 here, then incremented by check() for every
 *                    required test that fails.
 * @return string HTML report.
 */
function perform_php_checks(&$faults)
{
    global $check_globals;

    $faults = 0;

    /* One row per test: headline, explanation, result, required? */
    $probes = array(
        array(_("Checking for PHP version (>=4.1.0)"),
              _("PHP must be of version 4.1.0 or above for some functions and known bugs in PHP language."),
              version_compare(phpversion(), "4.1.0") >= 0,
              TRUE),

        /* Advisory only: GOsa works either way, but register_globals lets
           request parameters seed script variables. */
        array(_("Checking if register_globals is set to 'off'"),
              _("register_globals is a PHP mechanism to register all global varibales to be accessible from scripts without changing the scope. This may be a security risk. GOsa will run in both modes."),
              $check_globals == 0,
              FALSE),

        array(_("Checking for ldap module"),
              _("This is the main module used by GOsa and therefore really required."),
              function_exists('ldap_bind'),
              TRUE),

        array(_("Checking for gettext support"),
              _("Gettext support is required for internationalized GOsa."),
              function_exists('bindtextdomain'),
              TRUE),

        array(_("Checking for iconv support"),
              _("This module is used by GOsa to convert samba munged dial informations and is therefore required."),
              function_exists('iconv'),
              TRUE),

        /* The text says "encryption"; SSHA, crypt and md5 are password
           hashing schemes. */
        array(_("Checking for mhash module"),
              _("To use SSHA encryption, you'll need this module. If you are just using crypt or md5 encryption, ignore this message. GOsa will run without it."),
              function_exists('mhash'),
              FALSE),

        array(_("Checking for imap module"),
              _("The IMAP module is needed to communicate with the IMAP server. It gets status informations, creates and deletes mail users."),
              function_exists('imap_open'),
              TRUE),

        array(_("Checking for getacl in imap"),
              _("The getacl support is needed for shared folder permissions. The standard IMAP module is not capable of reading acl's. You need a recend PHP version for this feature."),
              function_exists('imap_getacl'),
              FALSE),

        array(_("Checking for mysql module"),
              _("MySQL support is needed for reading GOfax reports from databases."),
              function_exists('mysql_query'),
              FALSE),

        array(_("Checking for cups module"),
              _("In order to read available printers from IPP protocol instead of printcap files, you've to install the CUPS module."),
              function_exists('cups_get_dest_list'),
              FALSE),

        array(_("Checking for kadm5 module"),
              _("Managing users in kerberos requires the kadm5 module which is downloadable via PEAR network."),
              function_exists('kadm5_init_with_password'),
              FALSE),
    );

    $report = "<h1>" . _("PHP setup inspection") . "</h1>";
    foreach ($probes as $probe) {
        $report .= check($faults, $probe[0], $probe[1], $probe[2], $probe[3]);
    }

    return ($report);
}
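/**
 * Look for the external programs GOsa relies on and review a few php.ini
 * settings; return the formatted report.
 *
 * All commands run here are fixed strings, nothing from the request reaches
 * the shell. The binaries are resolved through the web server's PATH.
 *
 * Changes against the earlier version of this function:
 *  - the memory_limit and expose_php rows evaluated implicit_flush by
 *    mistake; each row now tests its own setting,
 *  - "&>/dev/null" is a bash extension; under a plain POSIX sh it starts
 *    the command in the background and the exit status is always 0, so the
 *    redirect is spelled portably,
 *  - split() is gone from current PHP, the ImageMagick version is parsed
 *    with preg_match() instead,
 *  - memory_limit is converted to bytes (K/M/G suffix, -1 = unlimited) and
 *    max_execution_time 0 is accepted as "no limit",
 *  - settings that do not exist in the running PHP no longer raise notices.
 *
 * @param int $faults Fault counter, incremented by check() for every
 *                    required test that fails (not reset here).
 * @return string HTML report.
 */
function perform_additional_checks(&$faults)
{
    # Programm check
    $msg = "<h1>" . _("Checking for some additional programms") . "</h1>";

    # Image Magick
    $output = (string) shell_exec("LC_ALL=C LANG=C convert -help");
    if ($output != "") {
        $lines = explode("\n", $output);
        $major = 0;
        $minor = 0;
        if (preg_match("/^Version:[^I]+ImageMagick (\d+)\.(\d+)/", $lines[0], $found)) {
            $major = (int) $found[1];
            $minor = (int) $found[2];
        }
        $msg .= check($faults, _("Checking for ImageMagick (>=5.4.0)"),
            _("ImageMagick is used to convert user supplied images to fit the suggested size and the unified JPEG format."),
            ($major > 5 || ($major == 5 && $minor >= 4)));
    } else {
        $msg .= check($faults, _("Checking imagick module for PHP"),
            _("Imagick is used to convert user supplied images to fit the suggested size and the unified JPEG format from PHP script."),
            function_exists('imagick_blob2image'), TRUE);
    }

    # Check for fping
    $output = (string) shell_exec("LC_ALL=C LANG=C fping -v 2>&1");
    $have_fping = preg_match("/^fping:/", $output);
    $msg .= check($faults, _("Checking for fping utility"),
        _("The fping utility is only used if you've got a thin client based terminal environment running."),
        $have_fping, FALSE);

    # Check for smb hash generation tool
    $output = (string) shell_exec("mkntpwd 2>&1");
    $have_mkntpwd = preg_match("/^Usage: mkntpwd /", $output);
    $alt = 0;

    if (!$have_mkntpwd) {
        /* Only the exit status matters; all output is discarded */
        $query = "LC_ALL=C LANG=C perl -MCrypt::SmbHash -e 'ntlmgen \"PASSWD\", \$lm, \$nt; print \"\${lm}:\${nt}\\n\";' >/dev/null 2>&1";
        system($query, $ret);
        $alt = ($ret == 0);
    }

    $msg .= check($faults, _("Checking for a way to generate LM/NT password hashes"),
        _("In order to use SAMBA 2/3, you've to install some additional packages to generate password hashes."),
        ($have_mkntpwd || $alt));

    # checking for some PHP.ini Options

    /* ini_get_all() yields, per setting, an array with the keys
       global_value, local_value and access. Only local_value is used.
       A setting unknown to the running PHP is recorded as FALSE. */
    $all_ini = ini_get_all();
    $local = array();
    $wanted = array('session.auto_start', 'implicit_flush', 'max_execution_time',
                    'memory_limit', 'expose_php', 'magic_quotes_gpc');
    foreach ($wanted as $option) {
        $local[$option] = isset($all_ini[$option]['local_value']) ? $all_ini[$option]['local_value'] : FALSE;
    }

    /* NOTE(review): headline and text speak of session.auto_register, the
       value tested is session.auto_start. The strings are translation keys
       and were left alone - confirm which wording is wanted. */
    $msg .= check($faults, _("php.ini check -> session.auto_register"),
        _("In Order to use GOsa without any trouble, the session.auto_register option in your php.ini must be set to 'Off'."),
        (!$local['session.auto_start']));

    //implicit_flush
    $msg .= check($faults, _("php.ini check -> implicit_flush"),
        _("This option influences the Output handling. Turn this Option off, to increase performance."),
        !$local['implicit_flush'], FALSE);

    //max_execution_time: 0 means "no limit"
    $seconds = (int) $local['max_execution_time'];
    $time_ok = ($local['max_execution_time'] !== FALSE) && ($seconds == 0 || $seconds >= 30);
    $msg .= check($faults, _("php.ini check -> max_execution_time"),
        _("The Execution time should be at least 30 seconds, because some actions may consume more time."),
        $time_ok, FALSE);

    //memory_limit: shorthand such as "16M" or "1G", -1 means "no limit"
    $limit = trim((string) $local['memory_limit']);
    $bytes = (int) $limit;
    switch (strtoupper(substr($limit, -1))) {
        /* deliberate fall-through: each step multiplies by 1024 once more */
        case 'G': $bytes *= 1024;
        case 'M': $bytes *= 1024;
        case 'K': $bytes *= 1024;
    }
    $memory_ok = ($limit != "") && ($bytes < 0 || $bytes >= 8 * 1024 * 1024);
    $msg .= check($faults, _("php.ini check -> memory_limit"),
        _("GOsa needs at least 8MB of memory, less will cause unpredictable errors! An optimal setting would be 16MB, increase it for larger setups."),
        $memory_ok, FALSE);

    //expose_php
    $msg .= check($faults, _("php.ini check -> expose_php"),
        _("Increase the server security by setting expose_php to 'off'. PHP won't send any Information about the server you are running in this case."),
        !$local['expose_php'], FALSE);

    /* magic_quotes_gpc: the setting is absent from current PHP releases and
       is then reported as "Ignored". Automatic quoting of request data does
       not replace escaping values for the context they are used in
       (LDAP filter, HTML, shell). */
    $msg .= check($faults, _("php.ini check -> magic_quotes_gpc"),
        _("Increase your server security by setting magic_quotes_gpc to 'on'. PHP will escape all quotes in strings in this case."),
        $local['magic_quotes_gpc'], FALSE);

    return $msg;
}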
375 //! Added by Hickert
376 //
377 // Parse /contrib/gosa.conf to set user defined values
378 //This function may create the ldap.conf
379 // Lets try
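/**
 * Build gosa.conf from the template in CONFIG_TEMPLATE_DIR and the values
 * collected during setup, send the download headers and return the text.
 *
 * Reads $_SESSION['ldapconf'] (installation data) and $_SESSION['classes']
 * (schema_check() messages; a key being present means the feature is
 * disabled). Queries the LDAP server for sambaDomain and ivbbEntry objects.
 *
 * Security-relevant points:
 *  - The generated text contains the LDAP admin DN and password in clear
 *    and is handed to the browser as a download; the transport and the
 *    permissions of the saved file have to protect it.
 *  - Values typed into the setup forms are escaped for XML before they are
 *    inserted, so a quote, '<' or '&' in e.g. the password can neither break
 *    the file nor add attributes or elements. This assumes the template
 *    uses the placeholders inside attribute values or element text -
 *    TODO confirm against the template.
 *  - The same values are protected against preg_replace() treating "$1" or
 *    "\1" in them as back-references, which silently altered such values.
 *
 * Further fixes: plugins are now removed by feature name (the previous
 * in_array() test could never match, so nothing was ever removed), the
 * template handle is closed, and a missing User-Agent header or missing
 * session entry no longer raises notices.
 *
 * @return string The generated configuration, empty if the template could
 *                not be opened.
 */
function parse_contrib_conf()
{
    $str              = "";
    $replacements     = array();
    $possible_plugins = array();
    $ldapconf         = $_SESSION['ldapconf'];   // The Installation information
    $classes          = isset($_SESSION['classes']) ? $_SESSION['classes'] : array();

    /* A 'samba3' message means the Samba 3 schema is missing */
    $used_samba_version = isset($classes['samba3']) ? 2 : 3;

    /* Pick the command that will generate LM/NT hashes */
    if (file_exists("/usr/lib/gosa/mkntpasswd")) {
        $pwdhash = "/usr/lib/gosa/mkntpasswd";
    } elseif (preg_match("/^Usage: mkntpwd /", (string) shell_exec("mkntpwd 2>&1"))) {
        $pwdhash = "mkntpwd";
    } else {
        $pwdhash = addslashes(' perl -MCrypt::SmbHash -e "ntlmgen \"\$ARGV[0]\", \$lm, \$nt; print \"\${lm}:\${nt}\n\";" $1');
    }

    // Define which variables will be replaced
    $replacements['{LOCATIONNAME}']   = $ldapconf['location'];
    $replacements['{SAMBAVERSION}']   = $used_samba_version;
    $replacements['{LDAPBASE}']       = $ldapconf['base'];
    $replacements['{LDAPADMIN}']      = $ldapconf['admin'];
    $replacements['{DNMODE}']         = $ldapconf['peopledn'];
    $replacements['{LDAPHOST}']       = $ldapconf['uri'];
    $replacements['{PASSWORD}']       = $ldapconf['password'];
    $replacements['{CRYPT}']          = $ldapconf['arr_cryptkeys'][$ldapconf['arr_crypts']];
    $replacements['{SID}']            = "";
    $replacements['{RIDBASE}']        = "";
    $replacements['{MAILMETHOD}']     = $ldapconf['mail_methods'][$ldapconf['mail']];
    $replacements['{SMBHASH}']        = $pwdhash;
    $replacements['{GOVERNMENTMODE}'] = "false";
    $replacements['{kolabAccount}']   = "";
    $replacements['{servKolab}']      = "";

    /* Placeholders whose value was typed in by the person running setup */
    $user_supplied = array('{LOCATIONNAME}', '{LDAPBASE}', '{LDAPADMIN}',
                           '{DNMODE}', '{LDAPHOST}', '{PASSWORD}');

    // Patterns that delete the markup of unused plugins.
    // THE KEY MUST BE THE FEATURE NAME used in $_SESSION['classes'].
    $possible_plugins['fonreport'][]    = "'\n.*<plugin.*fonreport+.*\n.*>.*\n'i";
    $possible_plugins['phoneaccount'][] = "'\n.*<tab.*phoneAccount.*>.*\n'i";
    $possible_plugins['logview'][]      = "'\n.*<plugin.*logview+.*\n.*>.*\n'i";
    $possible_plugins['pureftp'][]      = "'\n.*<tab.*pureftp.*>.*\n'i";
    $possible_plugins['webdav'][]       = "'\n.*<tab.*webdav.*>.*\n'i";
    $possible_plugins['phpgroupware'][] = "'\n.*<tab.*phpgroupware.*>'i";

    // Header information
    // Needed to send the generated gosa.conf to the browser
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
    header("Cache-Control: no-cache");
    header("Pragma: no-cache");
    header("Cache-Control: post-check=0, pre-check=0");
    header("Content-type: text/plain");

    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
    if (preg_match('/MSIE 5.5/', $agent) || preg_match('/MSIE 6.0/', $agent)) {
        header('Content-Disposition: filename="gosa.conf"');
    } else {
        header('Content-Disposition: attachment; filename="gosa.conf"');
    }

    $fp = fopen(CONFIG_TEMPLATE_DIR."/gosa.conf", "r");
    if (!$fp) {
        echo "Can't open file ".CONFIG_TEMPLATE_DIR."/gosa.conf";
        // Don't write anything else
        return ($str);
    }

    // Read the template
    while (!feof($fp)) {
        $str .= fread($fp, 512);
    }
    fclose($fp);

    if ($ldapconf['mail_methods'][$ldapconf['mail']] == "kolab") {
        $replacements['{kolabAccount}'] = "<tab class=\"kolabAccount\" />";
        $replacements['{servKolab}']    = "<tab class=\"servkolab\" name=\"Kolab\" />";
    }

    $ldap = new LDAP($ldapconf['admin'], $ldapconf['password'], $ldapconf['uri']);

    // Samba 2 needs nothing extra. For Samba 3, SID and RIDBASE are only
    // written when the directory holds no sambaDomain object.
    if ($used_samba_version != 2) {
        $ldap->search("(objectClass=sambaDomain)");
        if ($ldap->count() < 1) {
            /* NOTE(review): fixed placeholder values, presumably meant to
               be edited by the administrator afterwards - confirm. */
            $replacements['{SID}']     = "sid=\"123412-11\"";
            $replacements['{RIDBASE}'] = "ridbase=\"1000\"";
        }
    }

    // An ivbbEntry in the tree switches government mode on
    $ldap->search("(objectClass=ivbbEntry)");
    if ($ldap->count() > 0) {
        $replacements['{GOVERNMENTMODE}'] = "true";
    }

    // Fill in the placeholders
    foreach ($replacements as $key => $val) {
        if (in_array($key, $user_supplied)) {
            /* XML-escape ('&' first), then neutralise '\' and '$' so the
               value is inserted literally by preg_replace() */
            $val = str_replace(array('&', '<', '>', '"', "'"),
                               array('&amp;', '&lt;', '&gt;', '&quot;', '&#39;'),
                               (string) $val);
            $val = addcslashes($val, '\\$');
        }
        $str = preg_replace("/" . preg_quote($key, "/") . "/", $val, $str);
    }

    // Remove the plugins of every feature reported as disabled
    foreach ($possible_plugins as $feature => $patterns) {
        if (!isset($classes[$feature])) {
            continue;
        }
        foreach ($patterns as $pattern) {
            $str = preg_replace($pattern, "\n", $str);
        }
    }

    return ($str);
}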
566 // This is the first page shown in setup.
567 // This page tests some packages, like the PHP version, the ldap module and so on.
568 // The function doesn't save anything; it only runs the tests when withoutput = false
569 // (called from setup.php);
/**
 * Setup step 1: run the PHP environment checks and, if wanted, render the
 * introduction page.
 *
 * @param bool $withoutput When false the templates are not displayed; the
 *                         checks are run either way.
 * @return bool True when no required check failed.
 */
function show_setup_page1($withoutput = true)
{
    $tpl = get_smarty();

    $intro = get_template_path('setup_introduction.tpl');
    $tpl->assign("content", $intro);

    $report = perform_php_checks($problems);
    $tpl->assign("tests", $report);

    /* Any failed required check disables the template's "mode" */
    if ($problems) {
        $tpl->assign("mode", "disabled");
    }

    if ($withoutput) {
        $tpl->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $tpl->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $tpl->display(get_template_path('setup.tpl'));
    }

    return (!$problems);
}
606 /* Shows Setup_page 2*/
/**
 * Setup step 2: run the checks for external programs and php.ini settings
 * and, if wanted, render the result page.
 *
 * @param bool $withoutput When false the templates are not displayed; the
 *                         checks are run either way.
 * @return bool True when no required check failed.
 */
function show_setup_page2($withoutput = true)
{
    $tpl = get_smarty();

    $step = get_template_path('setup_step2.tpl');
    $tpl->assign("content", $step);

    $report = perform_additional_checks($problems);
    $tpl->assign("tests", $report);

    if ($problems) {
        $tpl->assign("mode", "disabled");
    }

    if ($withoutput) {
        $tpl->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $tpl->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $tpl->display(get_template_path('setup.tpl'));
    }

    return (!$problems);
}
631 /* Setup page 3 asks for the server address
632 "Now we're going to include your LDAP server and create an initial configuration"*/
/**
 * Setup step 3: ask for the LDAP server URI and, once "continue" was
 * pressed, try an anonymous bind against it.
 *
 * The URI comes from the POST data, else from the session, else defaults to
 * ldap://localhost:389, and is stored in the session.
 *
 * NOTE(review): whoever can reach this page decides which host the web
 * server opens an LDAP connection to; what validate() does to the value is
 * not visible here - confirm that the setup pages are not reachable by
 * untrusted clients.
 *
 * @param bool $withoutput When false nothing is printed or displayed.
 * @return bool True unless the connection test was requested and failed.
 */
function show_setup_page3($withoutput = true)
{
    /* Posted value wins over the one remembered in the session */
    if (isset($_POST['uri'])) {
        $uri = $_POST['uri'];
    } elseif (isset($_SESSION['ldapconf']['uri'])) {
        $uri = $_SESSION['ldapconf']['uri'];
    }

    /* First visit, or an empty field: fall back to the default */
    if (empty($uri)) {
        $uri = "ldap://localhost:389";
    }

    $smarty = get_smarty();

    if (isset($uri)) {
        $_SESSION['ldapconf']['uri'] = $uri;
        $smarty->assign("uri", validate($uri));
    }

    $fault = false;

    /* The server is only probed after the continue button was pressed */
    if (isset($_POST['continue3'])) {
        if (!isset($uri)) {
            /* Cannot happen after the default above; kept as in the original */
            $fault = true;
            if ($withoutput) {
                print_red(_("You've to specify an ldap server before continuing!"));
                $smarty->assign("content", get_template_path('setup_step3.tpl'));
            }
        } else {
            $link = @ldap_connect(validate($uri));
            if (!$link) {
                $fault = true;
                if ($withoutput) {
                    print_red(_("Can't connect to the specified LDAP server! Please make sure that is reachable for GOsa."));
                    $smarty->assign("uri", validate($uri));
                    $smarty->assign("content", get_template_path('setup_step3.tpl'));
                }
            } else {
                ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);

                /* Anonymous bind as reachability test */
                if (@ldap_bind($link)) {
                    $fault = false;
                } else {
                    $fault = true;
                    if ($withoutput) {
                        print_red(_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
                        $smarty->assign("content", get_template_path('setup_step3.tpl'));
                        $smarty->assign("uri", validate($uri));
                    }
                }
            }
        }
    }

    $smarty->assign("content", get_template_path('setup_step3.tpl'));

    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    return (!$fault);
}
732 // Setup page 4
733 // This page asks for detailed info, like the base DN or the admin user.
734 // If everything is OK but a user with ACL :all is missing, we show a user creation page before we show page 5
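/**
 * Setup step 4: collect base DN, admin DN, password and the other LDAP
 * settings, store them in $_SESSION['ldapconf'] and, when the form was
 * submitted, verify the login and run the schema check.
 *
 * Fixes against the earlier version: split() is replaced by explode()
 * (split() no longer exists in current PHP), $base is defined even when the
 * server cannot be reached, a failed search result is not passed on to
 * ldap_get_entries(), and the base DN is only derived from an admin DN that
 * has at least two components.
 *
 * NOTE(review):
 *  - The posted values are stored as they arrive; nothing here validates
 *    them.
 *  - Every entry of $_SESSION['ldapconf'], the admin password included, is
 *    assigned to the template - confirm the template does not echo the
 *    password back into the page.
 *  - The default password hash method is "md5"; confirm that is the
 *    intended default where a salted scheme is available.
 *  - error_reporting(E_ALL) is switched on and never restored.
 *
 * @param bool $withoutput When false nothing is printed or displayed.
 * @return bool True when no error was found.
 */
function show_setup_page4($withoutput = true)
{
    require_once("class_password-methods.inc");

    error_reporting(E_ALL);

    $fault     = false;                          // set as soon as anything goes wrong
    $smarty    = get_smarty();
    $uri       = $_SESSION['ldapconf']['uri'];   // e.g. ldap://localhost:389
    $base      = NULL;                           // stays NULL if the server cannot be asked
    $checkvars = array("location","admin","password","peopleou","peopledn","arr_crypts","mail","uidbase");

    if (!isset($_SESSION['ldapconf']['arr_cryptkeys'])) {
        $tmp = passwordMethod::get_available_methods_if_not_loaded();
        $_SESSION['ldapconf']['arr_cryptkeys'] = $tmp['name'];
    }

    if (!isset($_SESSION['ldapconf']['mail_methods'])) {
        $_SESSION['ldapconf']['mail_methods'] = array();
        $temp = get_available_mail_classes();
        $_SESSION['ldapconf']['mail_methods'] = $temp['name'];
    }

    /* Ask the server for a base DN to offer as default */
    if (!$ds = @ldap_connect(validate($uri))) {
        $fault = true;
        if ($withoutput) {
            print_red(_("Can't connect to the specified LDAP server! Please make sure that is reachable for GOsa."));
        }
    } elseif (!@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        $fault = true;
        if ($withoutput) {
            print_red(_("Can't bind to the specified LDAP server!. Please make sure that it is reachable for GOsa."));
        }
    } elseif (!@ldap_bind($ds)) {
        $fault = true;
        if ($withoutput) {
            print_red(_("Can't bind to the specified LDAP server! Please make sure that it is reachable for GOsa."));
        }
    } else {
        $sr   = @ldap_search($ds, "", "objectClass=*", array("namingContexts"));
        $attr = $sr ? @ldap_get_entries($ds, $sr) : FALSE;

        if (!isset($attr[0]['dn'])) {
            $base = "dc=example,dc=net";
            if ($withoutput) {
                print_red(_("Bind to server successful, but the server seems to be completly empty, please check all informations twice"));
            }
        } else {
            $base = $attr[0]['dn'];
        }
    }

    /* Defaults for everything not yet present in the session */
    if(!isset($_SESSION['ldapconf']['base']))     $_SESSION['ldapconf']['base']     = $base;
    if(!isset($_SESSION['ldapconf']['admin']))    $_SESSION['ldapconf']['admin']    = "cn=ldapadmin,".$base;
    if(!isset($_SESSION['ldapconf']['peopleou'])) $_SESSION['ldapconf']['peopleou'] = "ou=people";
    if(!isset($_SESSION['ldapconf']['groupou']))  $_SESSION['ldapconf']['groupou']  = "ou=groups";
    if(!isset($_SESSION['ldapconf']['peopledn'])) $_SESSION['ldapconf']['peopledn'] = "cn";
    if(!isset($_SESSION['ldapconf']['password'])) $_SESSION['ldapconf']['password'] = "";
    if(!isset($_SESSION['ldapconf']['location'])) $_SESSION['ldapconf']['location'] = "Example";
    if(!isset($_SESSION['ldapconf']['uidbase']))  $_SESSION['ldapconf']['uidbase']  = "1000";
    if(!isset($_SESSION['ldapconf']['mail']))     $_SESSION['ldapconf']['mail']     = 0;

    $tmp = array_flip($_SESSION['ldapconf']['arr_cryptkeys']);
    if (!isset($_SESSION['ldapconf']['arr_crypts'])) {
        $_SESSION['ldapconf']['arr_crypts'] = isset($tmp['md5']) ? $tmp['md5'] : NULL;
    }

    /* Form submitted: take over the posted values */
    if (isset($_POST['check'])) {
        foreach ($checkvars as $key) {
            if ((isset($_POST[$key])) && ($_POST[$key] != "")) {
                $_SESSION['ldapconf'][$key] = $_POST[$key];
            } else {
                if ($withoutput) {
                    print_red(sprintf(_("You're missing the required attribute '%s' from this formular. Please complete!"), $key));
                }
                $fault = true;
            }
        }

        /* Derive the base from the last two components of the admin DN
           (cn=ldapadmin,dc=base,dc=de -> dc=base,dc=de). Escaped commas
           inside a component are not handled. */
        $parts = array_reverse(explode(",", $_SESSION['ldapconf']['admin']));
        if (count($parts) >= 2) {
            $_SESSION['ldapconf']['base'] = $parts[1] . "," . $parts[0];
        }
    }

    $smarty->assign("arr_cryptkeys", $_SESSION['ldapconf']['arr_cryptkeys']);
    $smarty->assign("mail_methods", $_SESSION['ldapconf']['mail_methods']);

    foreach ($_SESSION['ldapconf'] as $key => $val) {
        $smarty->assign($key, $val);
    }

    if (isset($_POST['check'])) {
        $ldap = new LDAP($_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password'], $_SESSION['ldapconf']['uri']);

        $m = schema_check($_SESSION['ldapconf']['uri'], $_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password']);
        $_SESSION['classes'] = $m;

        if ($ldap->error != "Success") {
            if ($withoutput) {
                print_red(sprintf(_("Can't log into LDAP server. Reason was: %s."), $ldap->get_error()));
            }
            $fault = true;
        }
    }

    // Set smarty output
    $smarty->assign("content", get_template_path('setup_step4.tpl'));
    $smarty->assign("peopledns", array("cn", "uid"));

    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    return (!$fault);
}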
915 // This page shows your configuration
916 // and wants you to download the gosa.conf ....
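/**
 * Setup step 5: show the resulting configuration and offer gosa.conf for
 * download.
 *
 * Runs schema_check() in overview mode with the credentials stored in the
 * session and hands the rendered table to the template. Unused locals of
 * the earlier version were dropped, and a failed group lookup no longer
 * indexes into FALSE.
 *
 * @param bool $withoutput When false nothing is displayed.
 * @return bool Always true.
 */
function show_setup_page5($withoutput=true)
{
    $ldapconf = $_SESSION['ldapconf'];
    $smarty   = get_smarty();

    /* Group the web server runs as; posix_getgrgid() returns FALSE when the
       group cannot be resolved */
    $info = posix_getgrgid(posix_getgid());
    $smarty->assign("webgroup", is_array($info) ? $info['name'] : "");
    $smarty->assign("path", CONFIG_DIR);

    $m = schema_check($ldapconf['uri'], $ldapconf['admin'], $ldapconf['password'], 1);

    if ($withoutput) {
        $smarty->assign("schemas", view_schema_check($m));
        $smarty->assign("content", get_template_path('setup_finish.tpl'));
    }

    // Output templates ....
    if ($withoutput) {
        $smarty->display(get_template_path('headers.tpl'));
    }

    if (isset($_SESSION['errors'])) {
        $smarty->assign("errors", $_SESSION['errors']);
    }

    if ($withoutput) {
        $smarty->display(get_template_path('setup.tpl'));
    }

    return (true);
}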
965 // This function is called by setup step 5 in order to create a missing administrator
966 // and/or administrative user.
967 // On success, go on with setup_page5;
968 // otherwise show this page again.
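/**
 * Setup helper: make sure an account able to administrate GOsa exists.
 *
 * Searches below $ldapconf['base'] for a gosaObject entry carrying
 * gosaSubtreeACL=:all and, if that entry lists a memberUid, for a person
 * entry. When either is missing, the "create administrator" form
 * (setup_useradmin.tpl) is shown. Once the form is submitted with both a
 * name and a password, the user is added and put into the administrative
 * group; the group is created as cn=administrators when none was found.
 *
 * A submission with an empty name or password no longer creates anything:
 * the form is shown again, so no administrator with an empty password or an
 * empty RDN is written to the directory.
 *
 * Side effects: calls error_reporting(E_ALL), writes the global $samba and
 * reads $_POST['new_admin'], $_POST['admin_name'] and $_POST['admin_pass'].
 *
 * @param bool $withoutput  When false, no messages or templates are printed.
 * @return bool  true when setup may go on with the next step, false when
 *               this page has to be shown again.
 */
function create_user_for_setup($withoutput=true)
{
  error_reporting(E_ALL);

  global $samba;

  $ldapconf = $_SESSION['ldapconf'];
  $smarty   = get_smarty();

  if(isset($_SESSION['classes']))
    $classes= $_SESSION['classes'];

  $submitted     = isset($_POST['new_admin']);
  $input_missing = (empty($_POST['admin_name']))||(empty($_POST['admin_pass']));

  // Last test of the setup: is there a user with ACL ":all" who will be able
  // to administrate GOsa? If the user or the group is missing, ask for them.
  $ldap= new LDAP($_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password'], $_SESSION['ldapconf']['uri']);

  // Look for a group with the rights ":all"
  $ldap->cd($ldapconf['base']);
  $ldap->search("(&(objectClass=gosaObject)(gosaSubtreeACL=:all))");

  $group_cnt   = $ldap->count();
  $data        = $ldap->fetch();
  $create_user = false;

  if($group_cnt < 1)
  {
    // No group found: administrative user and group both have to be created
    $create_user = true;

    if(($withoutput)&&(!$submitted))
      print_red(_("You're missing an administrative account for GOsa, you'll not be able to administrate anything!"));
  }
  else
  {
    // An administrative group exists; is there a user too?
    if(isset($data['memberUid'][0]))
    {
      // NOTE(review): the uid is passed as the second argument, not as part
      // of the filter. If that argument is the attribute list, this filter
      // matches any gosaAccount person rather than this member. Confirm
      // against LDAP::search.
      $ldap->search("(&(objectClass=gosaAccount)(objectClass=person))",array("uid=".$data['memberUid'][0]));
      $data2 = $ldap->fetch();
    }

    if (($ldap->count() < 1)||(!isset($data2)))
    {
      $create_user = true;
      if(($withoutput)&&(!$submitted))
        print_red(_("You're missing an administrative account for GOsa, you'll not be able to administrate anything!"));
    }
    else
    {
      // Group and user are both present, nothing to add
      return(true);
    }
  }

  if($submitted)
  {
    // Pick the attribute names for the Samba password hashes.
    // NOTE(review): the "samba3" key selects the Samba 2 attribute names here;
    // presumably schema_check() lists that key only when the class is missing.
    // Confirm.
    if (isset($classes['samba3']))
    {
      $samba= "2";
      $lmPassword = "lmPassword";
      $ntPassword = "ntPassword";
    } else {
      $samba= "3";
      $lmPassword = "sambaLMPassword";
      $ntPassword = "sambaNtPassword";
    }

    if($input_missing)
    {
      // Nothing submitted and no account is needed
      if(!$create_user)
      {
        return(true);
      }

      // An account is needed but name or password is empty: do not write an
      // administrator with an empty password, show the form again instead.
      if($withoutput)
        print_red(_("You're missing an administrative account for GOsa, you'll not be able to administrate anything!"));
    }
    else
    {
      $admin_name = $_POST['admin_name'];

      // Escape the characters that are special in a DN (RFC 4514), so that the
      // submitted name always stays a single RDN value and cannot change where
      // in the tree the entry is created.
      // NOTE(review): confirm LDAP::create_missing_trees copes with escaped
      // characters.
      $rdn_value = preg_replace('/([,+"\\\\<>;=])/', '\\\\$1', $admin_name);
      if(($rdn_value[0] == ' ')||($rdn_value[0] == '#'))
      {
        $rdn_value = '\\'.$rdn_value;
      }
      if((strlen($admin_name) > 1)&&(substr($admin_name, -1) == ' '))
      {
        $rdn_value = substr($rdn_value, 0, -1).'\\ ';
      }

      $ldap->cd($ldapconf['base']);

      // Define the user we are going to create
      $dn = "cn=".$rdn_value.",".$ldapconf['peopleou'].",".$ldapconf['base'];

      $arr = array();
      $arr['objectClass'][0] ="person";
      $arr['objectClass'][1] ="organizationalPerson";
      $arr['objectClass'][2] ="inetOrgPerson";
      $arr['objectClass'][3] ="gosaAccount";
      $arr['uid']            = $admin_name;
      $arr['cn']             = $admin_name;
      $arr['sn']             = $admin_name;

      $arr['givenName']      = "GOsa main administrator";

      // NOTE(review): these Samba hashes are fixed constants, not derived from
      // admin_pass, so every installation created here starts with the same
      // LM/NT hash pair. Compute them from the submitted password, or leave
      // the attributes unset until the password is changed.
      $arr[$lmPassword]      = "10974C6EFC0AEE1917306D272A9441BB";
      $arr[$ntPassword]      = "38F3951141D0F71A039CFA9D1EC06378";

      // NOTE(review): "md5" is the scheme handed to crypt_single(), which is
      // defined elsewhere; prefer the strongest salted scheme the directory
      // server supports.
      $arr['userPassword']   = crypt_single($_POST['admin_pass'],"md5");

      // An entry that already exists is left untouched (its password is not
      // changed); it is only added to the administrative group below.
      if( ! $ldap->dn_exists ( $dn )) {
        $ldap->cd($dn);
        $ldap->create_missing_trees($dn);
        $ldap->add($arr);
        if($ldap->error!="Success") {
          // NOTE(review): the group is still modified or created and true is
          // returned after this failure, as in the original.
          print_red("Can't create user, and / or Group, possibly this problem depends on an empty LDAP server. Check your configuration and try again!");
        }
      }

      $arrr = array();
      if($group_cnt)
      {
        // There is already an administrative group, only add the user to it
        if(!isset($data['memberUid']))
        {
          $arrr['memberUid']= $admin_name;
        }
        else
        {
          // Append to the fetched member list and drop its 'count' element
          $data['memberUid'][$data['memberUid']['count']]= $admin_name;
          $arrr['memberUid'] = $data['memberUid'];
          unset($arrr['memberUid']['count']);
        }
        $ldap->cd($data['dn']);
        $ldap->modify($arrr);
      }
      else
      {
        // There was no group defined, so we must create one
        $dn = "cn=administrators,".$ldapconf['groupou'].",".$ldapconf['base'];
        $arrr['objectClass'][0] = "gosaObject";
        $arrr['objectClass'][1] = "posixGroup";
        $arrr['gosaSubtreeACL'] = ":all";
        $arrr['cn']             = "administrators";
        // NOTE(review): the gidNumber is hard-coded; confirm it cannot clash
        // with an existing group.
        $arrr['gidNumber']      = "999";
        $arrr['memberUid']      = $admin_name;
        $ldap->cd($dn);
        $ldap->add($arrr);
      }

      // Group and user were handled, go on with the next setup step
      return(true);
    }
  }

  // Show the form; "exists" tells the template whether an account was found
  $smarty->assign ("content", get_template_path('setup_useradmin.tpl'));
  $smarty->assign("exists", !$create_user);

  // Smarty output
  if($withoutput)
    $smarty->display (get_template_path('headers.tpl'));

  if (isset($_SESSION['errors']))
  {
    $smarty->assign("errors", $_SESSION['errors']);
  }

  if($withoutput)
    $smarty->display (get_template_path('setup.tpl'));

  return(false);
}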
1158 // Returns the class names of the mail classes
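/**
 * List the mail method classes found in ../include.
 *
 * A file counts when its name starts with "class_mail-methods-" and ends in
 * ".inc" (both compared case-insensitively); the method name is the part in
 * between. The original matched the prefix anywhere in the file name and
 * assumed the ".inc" ending, so backup copies such as "….inc.orig" were
 * listed with a mangled name.
 *
 * The directory handle is closed again, and a missing or unreadable
 * directory yields an empty array.
 *
 * @return array  Each hit $i is stored twice: as $methods['name'][$i] /
 *                $methods['file'][$i] and as $methods[$i]['file'] /
 *                $methods[$i]['name'].
 */
function get_available_mail_classes()
{
  $path    = "../include";
  $prefix  = "class_mail-methods-";
  $suffix  = ".inc";
  $lenpre  = strlen($prefix);
  $lensuf  = strlen($suffix);
  $methods = array();

  if (!is_dir($path)) {
    return($methods);
  }

  $dir = opendir($path);
  if ($dir === false) {
    return($methods);
  }

  $i = 0;
  while (($file = readdir($dir)) !== false)
  {
    $lenfile = strlen($file);

    // Must be long enough to hold both the prefix and the ending
    if ($lenfile < $lenpre + $lensuf) {
      continue;
    }
    if (strncasecmp($file, $prefix, $lenpre) != 0) {
      continue;
    }
    if (strcasecmp(substr($file, -$lensuf), $suffix) != 0) {
      continue;
    }

    $name = substr($file, $lenpre, $lenfile - $lenpre - $lensuf);

    $methods['name'][$i] = $name;
    $methods['file'][$i] = $file;
    $methods[$i]['file'] = $file;
    $methods[$i]['name'] = $name;
    $i++;
  }
  closedir($dir);

  return($methods);
}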
1191 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1192 ?>